If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the IJT 2019 Düsseldorf gGmbH. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

As the controller, the IJT 2019 Düsseldorf gGmbH has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.

1. Definitions ↑

Definitions used in the data protection statement of the IJT 2019 Düsseldorf gGmbH are based on those of the European directive and regulatory authority as adopted within the General Data Protection Regulation (GDPR) of the European Union. Our data protection statement is intended to be easily readable and understandable for the public domain as well as for our customers and business partners. To this end, we have hereby provided an explanation of the definitions which we use.

We include the following definitions in this data protection statement:

a) Personal data

’Personal data’ is the information relating to an identified or identifiable natural person (hereafter “data subject”). Identifiable, in this sense, means a natural person who through direct or indirect means could be particularly identified through a unique label, like a name, an identification number, by a location, by an online identifier or through one or more special attributes, as an expression of a physical, physiological, genetic, psychic, economic, cultural or social identity of that natural person.

b) Data subject

A ‘data subject’ is any identified or identifiable natural person whose personal data is being processed by the controller responsible for that processing.

c) Processing

’processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

e) Profiling

‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymisation

‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. .

g) Controller or the controller responsible for processing

‘controller or controller responsible for processing’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;.

h) Processor

‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

j) Third party

‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k) Consent

‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of the controller ↑

The controller, as in the meaning of the General Data Protection Regulation, any other data protection legislation of the member states of the European Union and other regulations with a data protection regulatory character, is the:

IJT 2019 Düsseldorf gGmbH
Jahnstr. 45,D-41564 Kaarst

Tel: +49 231 57700-52
Fax +49 231 57700-6652
Email: info@ijt2019.org
Website www.ijt2019.org

3. Data protection officer ↑

The data protection officer responsible for process controlling is:

Alfred Krempf
IJT 2019 Düsseldorf gGmbH
Jahnstr. 45, D-41564 Kaarst

Tel: +49 231 57700-52
Fax +49 231 57700-6652
Email: datenschutz@ijt2019.org
Website: www.ijt2019.org

Data subjects can approach the data protection officer directly at any time in the event of questions or concerns on data protection.

4. Cookies ↑

The website of the IJT 2019 Düsseldorf gGmbH uses cookies. Cookies are text files which are deposited and stored on a computer system by an internet browser.

Countless websites and servers also use cookies. Many cookies contain a so-called “cookie ID”. A cookie ID is a unique identifier of that cookie. It consists of a character string, through which websites and servers can identify the particular internet browser in which the cookie is stored. This allows websites and servers visited to differentiate between the individual browsers of data subjects from other internet browsers which also contain other cookies. A particular internet browser can be recognised and identified by the unique cookie.

By using cookies, the IJT 2019 Düsseldorf gGmbH is able to provide its users with user-friendly services which wouldn’t be possible without cookies.

Cookies allow us to optimise the information and items available on our website for the benefit of the user. As already mentioned, cookies allow us to recognise the users of our internet pages. The purpose of this recognition is to make the website easier for users. For example, where cookies are used on a website it wouldn’t be necessary for access details to be entered on each visit, because the cookie stored by the website on the user’s computer system would already have acquired the details. A further example is the cookie of a shopping basket in an online shop. The online shop uses a cookie to store the items which a customer places into the virtual shopping basket.

Data users can avoid cookies being stored from our website at any time by changing settings and permanently block them on their internet browser . Furthermore, cookies can be deleted which have already been stored through an internet browser or other software programme. This is possible in all commonly used internet browsers. Full use of the features of our internet site, however, may not necessarily remain when a data subject deactivates the storage of cookies.

5. Recording general data and information ↑

The website of the IJT 2019 Düsseldorf gGmbH gathers streams of general data and information each time a data subject or an automated system accesses its internet pages. This data and information is stored in the log files of the server. Such information captured could be (1) type and version of browser in use, (2) accessing operating system, (3) from which website a system is using to access our website (the so-called referrer), (4) the subsites which a system is steered to on our internet site, (5) the date and time stamp of accesses to our internet site, (6) an internet protocol address (IP address), (7) the internet provider of the accessing system and (8) other similar data and information serving as risk prevention against attacks on our information technology systems.

The general data and information which the IJT 2019 Düsseldorf gGmbH acquires doesn’t give any reference to the data subject. The information is rather more necessary to (1) present the contents of our internet site correctly, (2) optimise the contents of our website and its advertisements, (3) maintain permanent functional working order of our information technology systems and the technology of our website and (4) provide the necessary information to the law enforcement authorities should a cyber attack occur. This anonymous data and information will therefore be monitored by the IJT 2019 Düsseldorf gGmbH for statistical purposes and also with the aim of providing a higher level of data protection and safety in our business, so that an optimal level of security is maintained for all personal data which we process. The anonymous data stored in the server files remains separated from the personal data we receive from data users.

6. Subscription to our newsletter ↑

The website of the IJT 2019 Düsseldorf gGmbH gives users the opportunity to subscribe to the newsletter of our organisation. The subscribers personal data which the data controller receives is shown here in the input mask.

Customers and business partners of the IJT 2019 Düsseldorf gGmbH are kept regularly up to date with information from our organisation by means of a newsletter. Our newsletter can only be received by data subjects when (1) data subjects have a valid email address and (2) data subjects have registered to receive the newsletter. For legal reasons, a newsletter confirmatory email will initially be sent in a “double opt-in” process to the data subject. This process serves to verify that the recipient of the newsletter is authorised as the data subject to receive it.

On subscribing to the newsletter, we will store the internet address of the data subject’s computer system as given by the internet service provider (ISP) at the time of registering, as well as the date and time of registering. This data is necessary to trace possible misuse of a data user’s email address at a later time and serves therefore as a legal safeguard for the controller.

The personal data recorded in subscribing to the newsletter will be used exclusively for its delivery. Also, newsletter subscribers can be kept informed per email of changes as the newsletter service or its subscription requires, as in the case, for example, of its service or the technical conditions. Personal data provided for the newsletter will not be passed on to third parties. Subscription to the newsletter can be cancelled by data subjects at any time. The consent given by data subjects to store personal data for the newsletter delivery can be revoked at any time. A link is provided for this purpose in each edition of the newsletter. It is also possible to cancel newsletter delivery at any time directly through the internet site to the data controller or to inform him by any available means.

7. Newsletter tracking ↑

The IJT 2019 Düsseldorf gGmbH newsletters contain so-called “tracking pixels”. A tracking pixel is a miniature graphic which can be embedded in emails sent in the HTML format to provide log file recording and analysis. This allows statistical evaluation to be made, for example, of the success or failure of an online marketing campaign. Embedded tracking pixels give the IJT 2019 Düsseldorf gGmbH the means to determine when an email of a data subject has been opened and what links in the email have been called up.

Such information gained from the tracking pixels of personal data contained in the newsletters will be stored by the controller and evaluated to optimise delivery of newsletters and to make future newsletters even more interesting for data subjects. This personal data will not be passed on to any third party. Data users have the right to revoke their declaration of consent, separately provided, at any time through the double opt-in process. On revocation of consent this personal data will be deleted by the controller. Notice to cancel newspaper subscription will automatically be taken as revocation by the IJT 2019 Düsseldorf gGmbH.

8. Making contact through the website ↑

In compliance with statutory requirements, the website of the IJT 2019 Düsseldorf gGmbH provides a fast electronic contact channel and a direct communication means to our organisation, which also includes the generic address of our so-called “electronic mail” (email address). When a data subject makes contact with us per email or through a contact form, we will automatically store the personal data given of that person. That freely given data will solely be used for the purpose of responding to the enquiry or contact request. This personal data will not be passed on to any third party.

9. Routine deletion and barring of personal data ↑

The personal data of data subjects is processed and retained by us for the period necessary to fulfil its purpose or for as long as the directives of the European regulatory authority or the directives of any other legal authority concerning data processing require.

The personal data will be routinely barred or deleted in accordance with the legal directives when its retention purpose has ended or its retention ends under the directives of the European regulatory authority or the directives of any other legal authority.

10. Rights of the data subject ↑

a) The right to be informed

Every data subject has the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of information, he or she may, at any time, contact any employee of the controller.

b) Right of access

Each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and to receive a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:

the purposes of the processing

the categories of personal data concerned

the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations

where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period

the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing

the right to lodge a complaint with a supervisory authority

where the personal data are not collected from the data subject, any available information as to their source

the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact any employee of the controller.

c) Right to rectification

Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact any employee of the controller.

d) Right to erasure (‘right to be forgotten’)

Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

The data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.

The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.

The personal data have been unlawfully processed.

The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by the IJT 2019 Düsseldorf gGmbH, he or she may, at any time, contact any employee of the controller. An employee of IJT 2019 Düsseldorf gGmbH shall ensure that the erasure request is complied with immediately.

Where the controller has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking available technology and the cost of implementation into account, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, that personal data, as far as processing is not required. An employees of the IJT 2019 Düsseldorf gGmbH will arrange the necessary measures in individual cases.

e) Right of restriction of processing

Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:

The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.

The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead.

The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.

The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by the IJT 2019 Düsseldorf gGmbH, he or she may at any time contact any employee of the controller. The employee of the IJT 2019 Düsseldorf gGmbH will arrange the restriction of the processing.

f) Right to data portability

Each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

In order to assert the right to data portability, the data subject may at any time contact any employee of the IJT 2019 Düsseldorf gGmbH.

g) Right to object

Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

The IJT 2019 Düsseldorf gGmbH shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

If the IJT 2019 Düsseldorf gGmbH processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to the IJT 2019 Düsseldorf gGmbH to the processing for direct marketing purposes, the IJT 2019 Düsseldorf gGmbH will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by the IJT 2019 Düsseldorf gGmbH for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

In order to exercise the right to object, the data subject may contact any employee of the IJT 2019 Düsseldorf gGmbH. In addition, the data subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications.

h) Automated individual decision-making, including profiling

Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is not based on the data subject's explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject's explicit consent, the IJT 2019 Düsseldorf gGmbH shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.

If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may, at any time, contact any employee of the IJT 2019 Düsseldorf gGmbH.

i) Right to withdraw data protection consent

Each data subject shall have the right granted by the European legislator to withdraw his or her consent to processing of his or her personal data at any time.

If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of the IJT 2019 Düsseldorf gGmbH.

11. Data protection for applications and application procedures ↑

The data controller shall collect and process the personal data of applicants for the purpose of completing application procedures. The processing may also be carried out electronically. This is particularly so when an applicant submits corresponding application documents by email or by means of a web form on the website to the controller. If the data controller concludes an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant by the controller, the application documents shall be automatically erased two months after notification of the refusal decision, provided that no other legitimate interests of the controller are opposed to the erasure. Another example of legitimate interest in this sense would be, for example, a burden of proof in a procedure under the General Act on Equal Treatment Act.

12. Data protection regulations for the use and applications of Facebook ↑

The IJT 2019 Düsseldorf gGmbH has components of the Facebook organisation integrated into its website. Facebook is a social network.

A social network is a social meeting place on the internet; an online community which usually allows its users to communicate with each other and to interact within a virtual room. A social network can also be a platform where ideas and experiences can be exchanged or provide an internet community for personal and business information to be available. Facebook allows its users to set up private profiles, to upload photos and to create friends networks.

The operating company of Facebook is the Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The controller of personal data for data subjects living outside of the USA or Canada is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The internet browser of the data user’s information technology system will automatically be prompted by Facebook to download a display of a Facebook component each time one of our pages is called up in which that Facebook component is integrated (Facebook plug in). A full list of all Facebook plug ins can be found under https://developers.facebook.com/docs/plugins/?locale=EN. Facebook receives information from this technical process about exactly which subsites have been visited by a data subject.

Facebook recognises what specific subsites of our internet site are being called up by a data subject for the duration of access to our site, when the user is simultaneously logged in with Facebook. This information is gathered by the Facebook components and located by Facebook to the respective Facebook user’s account. When the data subject activates one of the integrated Facebook buttons on our website, for example the “Like” button, or adds a comment, Facebook adds this information to the personal Facebook account of the data subject and makes a record of that personal data.

Facebook therefore receives information through the Facebook components that a data subject has visited our website when that subject is simultaneously logged in with Facebook. This is independent of whether the data subject has clicked on a Facebook component or not. If the data subject does not wish such information to be sent to Facebook, it can be avoided by logging out of the Facebook account before entering our website.

13. Data protection regulations on usage and applications by the copyright collecting agency WORT (VG WORT) ↑

The IJT 2019 Düsseldorf gGmbH has installed so-called “tracking pixels” on its website. A tracking pixel is a miniature graphic which is imbedded in the internet pages. Its purpose is to provide information in log file records from which statistical analysis can be made. This analysis is made using a scalable centralised measuring system of the copyright collecting agency WORT (VG WORT).

The scalable centralised measuring system is operated by INFOline GmbH, Forum Bonn Nord, Brühler Str. 9, 53119 Bonn.

The scalable centralised measuring system provides statistical information in determining the probability of copied text. The embedded tracking pixels allow VG WORT to recognise when and how many users (including data subjects) have entered our website and what contents have been called up.

The data which the scalable centralised measuring system processes is anonymous. It becomes linked to users of web pages either by using so-called “session cookies”, a form of an identifying signature, which automatically transfers various information, or by alternative methods. The IP addresses of data subjects’ internet accesses are recorded and processed in an anonymous form. At no instance is a data subject identified.

Data users are free, at any time, to configure their internet browser to permanently block the use of cookies against them. Such configuration of the internet browser would also prevent INFOnline from using cookies against the information technology system of data subjects. Furthermore, cookies already set by INFOnline can be deleted at any time in the internet browser or other software programme.

It is also possible for data subjects to object to the recording and processing of their data which INFOnline has gained from use of this internet site and to prohibit further such actions. A link is provided for this purpose, http://optout.ioam.de, in which the data subject can activate the “Opt Out” button. The button will set an Opt Out cookie on the information technology system of the data subject. If the cookies on the system of the data subject are deleted following an objection, then the data subject must set anewed an Opt Out cookie.

It should be noted that by activating the Opt Out cookie all features of our internet site may no longer be accessible for the data subject.

INFOnlines’s prevailing data protection regulations can be found under https://www.infonline.de/datenschutz/

14. Data protection regulations on the usage and applications of Google Analytics (with anonymization feature) ↑

The IJT 2019 Düsseldorf gGmbH has components of Google Analytics (with an anonymization feature) integrated into this website. Google Analytics is a web analysing service. Web analysis is the collection, recording and evaluation of data relating to user activity on internet sites. A web analysing service records, for example, data of which website a data subject is using to access another website (a so-called “referrer”), which subsites of a website are called up or how often and the duration a subsite is being viewed. Web analysis is predominantly applied to website optimisation and for cost benefit analysis of internet advertising.

The head office of Google Analytics components is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

The IJT 2019 Düsseldorf gGmbH uses the Google Analytics gat._anonymizeIp add-on function for its website analysis. This Google Analytics function shortens and therefore anonymizes the IP address of the data subject’s internet service when access to our website comes from a member state of the European Union or from another signatory state of the European Economic Area.

The purpose for the Google Analytics component is to analyse the streams of visitor data to our website. Google uses the data captured and information gained thereby to evaluate the usage of our website and present it in the form of online reports of activity and also in connection with the usage of services which our internet site provides.

Google Analytics places a cookie on the information technology system of the data subject. An explanation of what cookies are has previously been given. The cookies allow Google to analyse the use of our website. Each time a page of this website is called up which we, the IJT 2019 Düsseldorf gGmbH, operate and in which a Google Analytics component has been integrated, a command is automatically sent to the internet browser of the data subject’s information technology system by the Google Analytics component to provide Google with data for online analysis. With this technical process Google receives personal data information, for example the IP address of data subjects, which help to trace the origin of visitors and clicks made for any following commission settlement.

Cookies provide the means for personal information to be stored, for instance the time of access, the location from which an access was made and the frequency of visits to our website by a data subject. This personal information, including the IP address of the data subject, is passed on each visit to our website to Google in the USA and is recorded by Google in the USA. Under certain circumstances, Google may provide third parties with the personal data gained from this technical process.

As already described, it is possible for data subjects to avoid cookies being set on our website at any time by means of settings on their internet browser and so to permanently bar their application. Such internet browser settings would also prevent Google from setting a cookie on the information technology system of the data subject. Additionally, a cookie which has already been set by Google Analytics can be deleted at any time through the internet browser or other software programme.

It is also possible for data subjects to object to and prevent the personal data compiled by Google Analytics from our website from being processing by Google. For this purpose the data subject must download and install a browser add-on link under https://tools.google.com/dlpage/gaoptout. This browser add-on sends Google Analytics a JavaScript to inform that data and information of visits to websites may not be transferred to Google Analytics. The installation of the browser add-on is noted by Google as an objection. The data subject must re-install the browser add-on to de-activate Google Analytics should the information technology system of the data subject be deleted, formatted or newly installed at a later time. The browser add-on, de-installed or de-activated by the data subject or an authorised person, can be re-installed or re-activated at any time.

Additional information and Google’s prevailing privacy policy can be seen underhttps://www.google.us/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Further information about Google Analytics can be found inder this link https://www.google.com/intl/us_en/analytics/

15. Data protection regulations for the use and applications of Google+ ↑

We, the IJT 2019 Düsseldorf gGmbH, have integrated a component of Google+ into this website; the Google+ button. Google+ is a so-called social network and a social network is a network-driven social meeting place; an online community which generally allows its users to communicate between each other and to interact in a virtual room. A social network can be a platform for the exchange of ideas and experiences or provide the means for the internet community, whether personally or on a business level, to exchange information. Amongst other things, Google+ allows the users of this social network to set up private profiles, to upload photos and to create networks of friend requests.

The headquarters of Google+ is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Each time one of the pages of our website is called up in which a Google+ button is integrated, the internet browser of the data subject’s information technology system will automatically be prompted by Google to download the image of that Google+ button. This technical process provides Google with information of exactly which subsites of our website have been visited by data subjects. Further information about Google+ can be found under https://developers.google.com/+/.

Google+ recognises what specific subsites of our website are being called up by a data subject for the duration of access to our site, when the user is simultaneously logged in with Google+. This information is gathered by the Google+ button and located by Google to the respective Google+ user’s account.

When a data subject clicks on the Google+ button integrated on one of our internet pages and gives a Google+1 recommendation, Google locates this information to the personal account of the Google+ user and stores this personal data. Google stores the data subject’s Google+1 recommendation and makes it openly visible in accordance with the conditions which have already been accepted by the data subject. A Google +1 recommendation made by the data subject on this website will subsequently be stored and processed with other personal data, such as the name of the data subject’s Google+1 account, including photos installed, for use in other Google services. These could be in search engine results of the Google search engine, in the Google account of the data subject or in other locations as, for example, other websites or in connection with website advertisements. Google is also able to link visits to our website with other personal data which it has stored. Furthermore, the personal data which Google saves is used for the purpose of improving and optimising its various services.

Google receives information through the Google+ button that a data subject has visited our internet site when that subject is simultaneously logged in with Google+. This is independent of whether the data subject has clicked on a Google+ button or not.

If the data subject does not wish such information to be sent to Googlek, it can be avoided by logging out of the Google+ account before entering our website.

Further information and Google’s privacy statement can be found under https://www.google.us/intl/en/policies/privacy/. More information by Google about the Google+1 button can be found under https://developers.google.com/+/web/buttons-policy

16. Data protection regulations for the use and applications of Instagram ↑

The IJT 2019 Düsseldorf gGmbH has components of the Instagram service integrated on this website. Instagram is an audio visual platform, which allows its users to share photos and videos and to pass them on to other social networks.

The headquarters of Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

Each time one of the pages of our website is called up in which an Instagram component (Insta button) is integrated, the internet browser of the data subject’s information technology system will automatically be prompted by the respective Instagram component to download the image of that component. This technical process provides Google with information of exactly which subsites of our website have been visited by data subjects.

Instagram recognises what specific subsites of our website are being called up by a data subject for the duration of access to our site, when the user is simultaneously logged in with Instagram. This information is gathered by the Instagram component and located by Instagram to the respective data subject’s Instagram account. When a data subject clicks on one of the integrated Instagram buttons on our web pages, the resulting data and information is attributed to the user’s personal Instagram account and is stored and processed by Instagram.

Instagram receives information from the Instagram component that a data subject has visited our website, as long as the data subject is simultaneously logged on to Instagram. This information is passed regardless of whether a data subject clicks on an Instagram component or not. To avoid data information being passed to Instagram the data subject should log out of Instagram before accessing our website.

Further information and the prevailing privacy policy statement can be found under https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

17. Data protection regulations for the use and applications of Twitter ↑

The IJT 2019 g Düsseldorf GmbH has integrated components of Twitter on this website. Twitter is a very public multi-lingual micro-blogging service where its users send so-called “tweets”, in other words short text messages limited to 280 characters. These short messages are for everyone, not only for persons who have registered with Twitter. The tweets are usually sent, however, to so-called “followers” of the respective sender. Followers are other Twitter users who follow the tweets from another user. Twitter also addresses a wider public audience by using hashtags, links or retweets.

The managing organisation of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Each time one of the pages of our website is called up in which a Twitter component (Twitter button) is integrated, the internet browser of the data subject’s information technology system will automatically be prompted by the respective Twitter component to download the image of that Twitter component. Further information about the Twitter buttons can be found under https://about.twitter.com/en/resources/buttons. This technical process provides Twitter with information about exactly which subsites of our website have been visited by data subjects. The purpose of the integrated Twitter components is to increase information available on our website for our users, to give awareness of our website in the digital world and to increase the number of visitors to our site.

Twitter recognises what specific subsites of our internet site are being called up by a data subject for the duration of access to our site, when the data subject is simultaneously logged in with Twitter. This information is gathered by the Twitter components and located by Twitter to the respective Twitter user’s account. When the data subject clicks on one of the integrated Twitter buttons on our website, the data and information provided is located to the data subject’s Twitter account and is stored and processed by Twitter.

Twitter receives information from the Twitter components of visits by data subjects to our website as long as data subjects are simultaneously logged on to Twitter. This occurs independently of whether data subjects click on the Twitter component or not. If the data subject does not wish such information to be sent to Twitter, it can be avoided by logging out of the Twitter account before entering our website.

Twitter’s prevailing data privacy policy can be found under https://twitter.com/privacy?lang=en.

18. Data policy regulations for the use and applications of YouTube ↑

We, the IJT 2019 Düsseldorf gGmbH, have integrated components of YouTube into this website. YouTube is an internet video portal which allows video publishers to upload cost-free video clips and for other users to view, appraise and comment on them. YouTube allows the publication of all types of videos to be uploaded to the internet portal for viewing, including complete films and TV programmes, to music videos, trailers and users’ self-produced videos.

YouTube is managed by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA and YouTube, LLC is a daughter company of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Each time one of the pages of our website is called up in which a YouTube component (YouTube video) is integrated, the internet browser of the data subject’s information technology system will automatically be prompted by the respective YouTube component to download the image of that YouTube component. Further information about YouTube can be found under https://www.youtube.com/yt/about/en. This technical process provides YouTube and Google with information of exactly which subsites of our website have been visited by data subjects.

YouTube recognises what specific subsites of our website are being called up by a data subject for the duration of access to our site, when the user is simultaneously logged in with YouTube. This information is gathered by YouTube and Google and located to the respective YouTube data subject’s account.

YouTube receives information from the YouTube component that a data subject has visited our website, as long as the data subject is simultaneously logged on to YouTube. This information is passed regardless of whether a data subject clicks on a YouTube video or not. To avoid data information being passed to YouTube and Google the data subject should log out of YouTube before accessing our website.

YouTube’s privacy policy, which can be found under https://www.google.us/intl/en/policies/privacy/gives information about collecting, storing and using personal data through YouTube and Google.

19. Data protection regulations for the use and application of the Whatsapp messaging service ↑

By using the messaging communication service which we have arranged, the end user is obliged to give his/her consent for us to process and use his/her personal data (for example, surname and first name, telephone number, messenger ID, profile and chat/messaging history) in accordance with Article 6, paragraph 1a of the General Data Protection Regulation (GDPR).

Responsibility for the messenger service lies with the service provider,

• Whatsapp, at WhatsApp, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. The Whatsapp Privacy Policy can be called up under https://www.whatsapp.com/legal/#privacy-policy

Consent to the processing of your data can be freely revoked at any time; whereby, you, as the end user, have the option to contact the respective user of the MessengerPeople at any time with the request for your personal data to be deleted, or to cancel the sending of information. The user of the MessengerPeople GmbH then has the responsibility to ensure that all information concerning the end user is immediately deleted from the system.

20. Legal basis for the processing ↑

Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the above mentioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

21. The legitimate interests pursued by the controller or by a third party ↑

Where the processing of personal data is based on Article 6(1) lit. f GDPR, our legitimate interest is to carry out our business in favour of the well-being of all our employees and our shareholders.

22. Period for which the personal data will be stored ↑

The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment of the contract or the initiation of a contract.

23. Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data ↑

We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact any employee. The employee clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.

24. Existence of automated decision-making ↑

As a responsible company, we do not use automatic decision-making or profiling.

This Privacy Policy has been generated by the Privacy Policy Generator of the German Association for Data Protection, acting as our external data protection officer in Munich, developed in cooperation with the IT and data protection lawyer Christian Solmecke in Cologne.